Static task
static1
Behavioral task
behavioral1
Sample
Richiesta di Offerta.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Richiesta di Offerta.exe
Resource
win10v2004-20240426-en
General
Target
1678340b1c5a561f97b6dcaf03f07f36_JaffaCakes118
Size
188KB
MD5
1678340b1c5a561f97b6dcaf03f07f36
SHA1
e17fef1cbd29ef1125ef999b90dc7c3bf023f877
SHA256
cbbd8d9cc6816d8ff28e9b498240b053b1fad0ee4abc9f65b5eda3b502a6c56a
SHA512
2cd618a5dade75ae36926271a9fb461862038fa6bd44325a873d53e8ebd871076b2ff90a54ad25a18a15e24e28f30e2a94281b41f5e698a8caed4050cb98b964
SSDEEP
3072:5vgpgvf5837gs0bIs/JrX7Q7DmM5CRxgCa34sxwt4prysglbR+aQz9pRYgtubRcY:RWgvB8Eci47Dj5OiBr6no/RDtMnJ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource unpack001/Richiesta di Offerta.exe
Files
1678340b1c5a561f97b6dcaf03f07f36_JaffaCakes118.gz
Richiesta di Offerta.exe.exe windows:4 windows x86 arch:x86
d185d23d2086b458ce33d4195a4e2798
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvbvm60
MethCallEngine
EVENT_SINK_AddRef
DllFunctionCall
EVENT_SINK_Release
EVENT_SINK_QueryInterface
__vbaExceptHandler
Sections
.text Size: 556KB - Virtual size: 553KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ